The Hacker News

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet confirms active exploitation of a FortiCloud SSO authentication bypass affecting fully patched FortiGate devices via SAML abuse.
CSO Online

Fortinet confirms new zero-day attacks against customer devices

All SAML SSO implementations, including FortiCloud SSO, are vulnerable to authentication bypass and malicious configuration ...

Fortinet confirms critical FortiCloud auth bypass not fully patched

Days after admins began reporting that their fully patched firewalls are being hacked, Fortinet confirmed it's working to ...
CSO Online

Trivial Telnet authentication bypass exposes devices to complete takeover

The 11-year-old vulnerability likely impacts many devices that are no longer supported — and presents easy exploit even for ...
SecurityWeek

Fresh SmarterMail Flaw Exploited for Admin Access

Threat actors started exploiting a SmarterMail authentication bypass flaw for remote code execution only days after patches ...

SmarterMail auth bypass flaw now exploited to hijack admin accounts

Hackers began exploiting an authentication bypass vulnerability in SmarterTools' SmarterMail email server and collaboration ...

GitLab patches major security flaw - here's what we know

A new patch fixes six important GitLab flaws ...
Forbes

New 2FA Security Warning—30 Million Authentication Cookies Up For Sale

Update, Dec. 03, 2024: This story, originally published Dec. 02, now updated to reflect the 2FA-bypass security threat beyond Black Friday and Cyber Monday. The busiest period of online shopping, ...
SecurityWeek

Why Identity Security Must Move Beyond MFA

Organizations with a comprehensive identity security strategy are better positioned to defend against evolving threats and ...